itlawwikiaorg-20200214-history
California Online Privacy Protection Act of 2003
Citation California Online Privacy Protection Act of 2003 (CalOPPA; also OPPA), as amended by A.B. 370 (eff. Jan. 11, 2014), codified at Cal. Business & Professions Code §§22575-79 (2004). 2003 law In 2003, California enacted the "Online Privacy Protection Act," which requires website owners to conspicuously post a statement of their policies regarding the collection and sharing of personal information. The law, which becomes effective on July 1, 2004, was the first state law to require owners of commercial websites or online services to post a privacy policy. The law states that if a website collects information such as first and last name, mailing address, email address, phone number, or Social Security number and is considered a commercial entity, it must post a link to its privacy policy on its home page that includes the following: * The categories of personal information that are collected. * The categories of third parties with whom personal information may be shared. * The ability for consumers to review the personal information the site has collected and the ability to remove it if allowed. * The process by which the website owner will notify consumers when the privacy policy is changed, and * The effective date of the policy. The goal of the legislation was to create transparency in data collection practices and to help users make informed decisions. However, the legislation does not regulate the substance of websites' practices; they only need to disclose those practices. Application to mobile apps California Attorney General Kamala Harris stated publicly on October 26, 2012Notice of Non-Compliance with California Online Privacy Protection Act. that her office would interpret CalOPPA's application to "online services" to include mobile applications for compliance and enforcement purposes. 2013 amendment The 2013 Amendment amends CalOPPA to require two new privacy policy disclosures for websites and online services regarding online behavioral tracking: :(1) the operator's response to a browser DNT signal or to "other mechanisms,"Cal. Bus. & Prof. Code §22575(b)(5). The "other mechanisms" in the first disclosure requirement can be understood to refer to any technology that, like a Do Not Track browser signal, provides consumers the ability to exercise choice about the collection of their personally identifiable information over time and across third-party web sites or online services. An operator must make the first disclosure only if the operator engages in the collection of personally identifiable information about a consumer's online activities over time and across third-party web sites or online services. and :(2) the possible presence of other parties conducting online tracking on the operator's site or service.Id. §22575(b)(6). Another provision allows for an alternative way to comply with the first disclosure requirement. The alternative is to provide a "clear and conspicuous" link in the operator's privacy policy to a "program or protocol" that offers consumers a choice about online tracking.Id. §22575(b)(7). Note that the term used here, "program or protocol," is not the same as the term used in subdivision 5, "mechanism." The linked location must contain a description of the program or protocol and must describe the effects of the program on consumers who participate in it. It is designed as one additional step to existing California requirements for online privacy policies that is intended to bring greater transparency and consumer scrutiny over websites' practices related to honoring "Do Not Track" (DNT) preferences of Internet and mobile app users. The stated purpose of the legislation is to provide greater transparency to consumers about how companies' websites and online services, including mobile apps, respond to a DNT signal from an Internet browser. The California Attorney's Office added that References Source * "2013 amendment" section: Making Privacy Practices Public, at 7. Category:Privacy Category:Legislation Category:Legislation-U.S.-State Category:Legislation-U.S.-Privacy Category:2003 Category:2013